Simon,
Try something like this:
dev eth0 {
ingress {
$police_isp = SLB( cbs 100kB, cir 50000 kbps );
$police_mirror = SLB( cbs 20kB, cir 2000 kbps );
$police_other = SLB( cbs 10kB, cir 1000 kbps );
class(<>) if (ip_src == 1.1.1.1 || /* external host */
ip_src == 2.2.2.2 ) && /* backup traffic */
SLB_else_drop($police_isp);
class(<>) if ( ip_src == 3.3.3.3 ||
ip_src == 5.5.5.5 ) &&
SLB_else_drop($police_mirror);
class(<>) if SLB_else_drop($police_other);
}
}
> Message: 2
- Jacob
> Date: Thu, 06 May 2004 16:16:04 +0200
> From: Simon Oosthoek <simon.oosthoek@xxxxxxxxx>
> Organization: WMC
> To: lartc@xxxxxxxxxxxxxxx
> Subject: tcng ingress policing question
>
> Hi all
>
> I started playing with tcng to generate my tc rules, but I have some
> difficulty implementing my rules...
>
> The script below generates an error:
> # Device eth0
>
> tc qdisc add dev eth0 ingress
> beginner.tc:2: don't know how to build meter for this
>
>
> The script is below, I changed the real IP numbers for XXs and YYs,
> since it doesn't really matter what they are. eth0 is the external interface
>
> The intention is to limit the rate in most cases to 1 Mbit/s, the linux
> distr. mirror's may cause a bit more and within the ISP we're not
> charged with higher rates than we agreed on.
>
> Anyone know why tcc can't do this, or is it something I should be doing
> in the egress part?
> (I'd prefer not to, since I have more than 2 interfaces...)
>
> TIA
>
> Simon
>
> PS, the other interfaces don't have any queues, since this would be
> handled by the ingress policing in this way.
> ==============================
> script:
> ==============================
>
> dev eth0 {
> ingress {
> $police_isp = SLB( cbs 100kB, cir 50000 kbps );
> $police_mirror = SLB( cbs 20kB, cir 2000 kbps );
> $police_other = SLB( cbs 10kB, cir 1000 kbps );
>
> class(<>) if (ip_src == XXX.XXX.XXX.XXX || /* external host */
> ip_src == YYY.YYY.YYY.YYY ) && /* backup traffic */
> SLB_ok($police_isp);
> class(<>) if ( ip_src == host("host.mirror.one") ||
> ip_src == host("host.mirror.two") ) &&
> SLB_ok($police_mirror);
> class(<>) if SLB_ok($police_other);
> }
>
> egress {
> class(<$isp>) if ip_src == XXX.XXX.XXX.XXX /* external host */
> if ip_src == YYY.YYY.YYY.YYY; /* backup traffic */
> class(<$other>) if 1;
>
> htb () {
> class ( rate 100000 kbps ) {
>
> $isp = class ( prio 2, rate 50000 kbps )
> { sfq ( perturb 5 sec ); };
>
> $other = class ( prio 1, rate 1000 kbps )
> { sfq ( perturb 10 sec ); };
>
> }
> }
> }
> }
>
> dev eth3 {
> ingress {
> $policer = SLB( cbs 10kB, cir 500 kbps );
> class ( <> ) if SLB_ok( $policer );
> drop if 1;
> }
> egress {
> }
> }
>
>
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
